o

�h#N�@
sb
dd
lm
Z

ddlZddlZddlZddlmZmZ
ddlm	Z	
ddl
mZmZ
ddl
mZ
ddlmZmZmZ
Gdd	�d	ej�ZGd
d�dej�ZejejejejejfZd!dd�ZGdd�dej�ZGdd�d�ZGdd�dejd�Z Gdd�dejd�Z!Gdd�dejd�Z"e �#e	j �

e"�#e	j"�

e!�#e	j!�

Gdd�d�Z$Gdd �d �Z%e	j&Z&e	j'Z'dS)"�)
�annotationsN)�utils�x509)
�ocsp)�hashes�
serialization)
� CertificateIssuerPrivateKeyTypes)�_EARLIEST_UTC_TIME�_convert_to_naive_utc_time�_reject_duplicate_extensionc
@
seZ
dZd
ZdZdS)�OCSPResponderEncodingzBy HashzBy NameN)�__name__�
__module__�__qualname__�HASH�NAME�rr�I/usr/local/CyberCP/lib/python3.10/site-packages/cryptography/x509/ocsp.pyrs

rc
@
s$eZ
dZd
ZdZdZdZdZdZdS)�OCSPResponseStatusr
�
����N)	r
rr�
SUCCESSFUL�MALFORMED_REQUEST�INTERNAL_ERROR�	TRY_LATER�SIG_REQUIRED�UNAUTHORIZEDrrrrrs





r�	algorithm�hashes.HashAlgorithm�return�Nonec

C
st|t
�s	td
�
�
dS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)�
isinstance�_ALLOWED_HASHES�
ValueError)
r rrr�_verify_algorithm/s




��r'c
@
seZ
dZd
ZdZdZdS)�OCSPCertStatusr
rrN)r
rr�GOOD�REVOKED�UNKNOWNrrrrr(6s


r(c@
seZ
dZddd�ZdS)�_SingleResponse�cert�x509.Certificate�issuerr r!�cert_statusr(�this_update�datetime.datetime�next_update�datetime.datetime | None�revocation_time�revocation_reason�x509.ReasonFlags | Nonec		C
s
t|
t
j�rt|t
j�std
�
�
t|�

t|tj�std�
�
|du
r,t|tj�s,td�
�
|
|_||_||_||_	||_
t|t�sDtd�
�
|tju
rZ|du
rQt
d�
�
|du
rYt
d�
�
n$t|tj�sdtd�
�
t|�
}|tkrpt
d�
�
|du
r~t|t
j�s~td	�
�
||_||_||_dS)
N�%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r$r�Certificate�	TypeErrorr'�datetime�_cert�_issuer�
_algorithm�_this_update�_next_updater(r*r&r
r	�ReasonFlags�_cert_status�_revocation_time�_revocation_reason)	�selfr-r/r r0r1r3r5r6rrr�__init__=s\
�




�






�



�

��



�

�
�


z_SingleResponse.__init__N)r-r.r/r.r r!r0r(r1r2r3r4r5r4r6r7)r
rrrFrrrrr,<s
r,c@
s�eZ
dZeejddd��
�
Zeejddd��
�
Zeejddd	��
�
Zeejddd��
�
Z	ejddd��
Z
eejddd��
�
ZdS)�OCSPRequestr"�bytesc


C
�d
S�z3
        The hash of the issuer public key
        Nr�
rErrr�issuer_key_hash��zOCSPRequest.issuer_key_hashc


C
rI�z-
        The hash of the issuer name
        NrrKrrr�issuer_name_hash�rMzOCSPRequest.issuer_name_hashr!c


C
rI�zK
        The hash algorithm used in the issuer name and key hashes
        NrrKrrr�hash_algorithm�rMzOCSPRequest.hash_algorithm�intc


C
rI�zM
        The serial number of the cert whose status is being checked
        NrrKrrr�
serial_number�rMzOCSPRequest.serial_number�encoding�serialization.Encodingc
C
rI)z/
        Serializes the request to DER
        Nr�rErUrrr�public_bytes�rMzOCSPRequest.public_bytes�x509.Extensionsc


C
rI)zP
        The list of request extensions. Not single request extensions.
        NrrKrrr�
extensions�rMzOCSPRequest.extensionsN�r"rH�r"r!�r"rR�rUrVr"rH�r"rY)r
rr�property�abc�abstractmethodrLrOrQrTrXrZrrrrrG�s$











rG)
�	metaclassc@
s�eZ
dZeejd"dd��
�
Zeejd#dd��
�
Zeejd#dd	��
�
Zeejd$dd��
�
Z	eejd%dd��
�
Z
eejd%dd��
�
Zeejd#dd��
�
Zeejd#dd��
�
Z
eejd&dd��
�
Zeejd&dd��
�
Zeejd'dd��
�
Zeejd(dd ��
�
Zd!S))�OCSPSingleResponser"r(c


C
rI�zY
        The status of the certificate (an element from the OCSPCertStatus enum)
        NrrKrrr�certificate_status�rMz%OCSPSingleResponse.certificate_statusr4c


C
rI�z^
        The date of when the certificate was revoked or None if not
        revoked.
        NrrKrrrr5�rMz"OCSPSingleResponse.revocation_timec


C
rI�z�
        The date of when the certificate was revoked or None if not
        revoked. Represented as a non-naive UTC datetime.
        NrrKrrr�revocation_time_utc�rMz&OCSPSingleResponse.revocation_time_utcr7c


C
rI�zi
        The reason the certificate was revoked or None if not specified or
        not revoked.
        NrrKrrrr6�rMz$OCSPSingleResponse.revocation_reasonr2c


C
rI�z�
        The most recent time at which the status being indicated is known by
        the responder to have been correct
        NrrKrrrr1�rMzOCSPSingleResponse.this_updatec


C
rI�z�
        The most recent time at which the status being indicated is known by
        the responder to have been correct. Represented as a non-naive UTC
        datetime.
        NrrKrrr�this_update_utc�rMz"OCSPSingleResponse.this_update_utcc


C
rI�zC
        The time when newer information will be available
        NrrKrrrr3�rMzOCSPSingleResponse.next_updatec


C
rI�zu
        The time when newer information will be available. Represented as a
        non-naive UTC datetime.
        NrrKrrr�next_update_utc�rMz"OCSPSingleResponse.next_update_utcrHc


C
rIrJrrKrrrrL�rMz"OCSPSingleResponse.issuer_key_hashc


C
rIrNrrKrrrrO�rMz#OCSPSingleResponse.issuer_name_hashr!c


C
rIrPrrKrrrrQ�rMz!OCSPSingleResponse.hash_algorithmrRc


C
rIrSrrKrrrrT
rMz OCSPSingleResponse.serial_numberN�r"r(�r"r4�r"r7�r"r2r[r\r])r
rrr`rarbrfr5rir6r1rmr3rprLrOrQrTrrrrrd�sJ
























rdc@
seZ
dZeejdHdd��
�
ZeejdIdd��
�
ZeejdJd	d
��
�
ZeejdKdd
��
�
Z	eejdLdd��
�
Z
eejdLdd��
�
ZeejdMdd��
�
ZeejdNdd��
�
Z
eejdOdd��
�
ZeejdPdd��
�
ZeejdPdd ��
�
ZeejdQd"d#��
�
ZeejdRd%d&��
�
ZeejdRd'd(��
�
ZeejdSd*d+��
�
ZeejdPd,d-��
�
ZeejdPd.d/��
�
ZeejdRd0d1��
�
ZeejdRd2d3��
�
ZeejdLd4d5��
�
ZeejdLd6d7��
�
ZeejdTd9d:��
�
ZeejdUd<d=��
�
ZeejdVd?d@��
�
ZeejdVdAdB��
�
ZejdWdEdF��
ZdGS)X�OCSPResponser"�#typing.Iterator[OCSPSingleResponse]c


C
rI)z_
        An iterator over the individual SINGLERESP structures in the
        response
        NrrKrrr�	responses
rMzOCSPResponse.responsesrc


C
rI)zm
        The status of the response. This is a value from the OCSPResponseStatus
        enumeration
        NrrKrrr�response_status
rMzOCSPResponse.response_status�x509.ObjectIdentifierc


C
rI)zA
        The ObjectIdentifier of the signature algorithm
        NrrKrrr�signature_algorithm_oid
rMz$OCSPResponse.signature_algorithm_oid�hashes.HashAlgorithm | Nonec


C
rI)zX
        Returns a HashAlgorithm corresponding to the type of the digest signed
        NrrKrrr�signature_hash_algorithm"
rMz%OCSPResponse.signature_hash_algorithmrHc


C
rI)z%
        The signature bytes
        NrrKrrr�	signature+
rMzOCSPResponse.signaturec


C
rI)z+
        The tbsResponseData bytes
        NrrKrrr�tbs_response_bytes2
rMzOCSPResponse.tbs_response_bytes�list[x509.Certificate]c


C
rI)z�
        A list of certificates used to help build a chain to verify the OCSP
        response. This situation occurs when the OCSP responder uses a delegate
        certificate.
        NrrKrrr�certificates9
rMzOCSPResponse.certificates�bytes | Nonec


C
rI)z2
        The responder's key hash or None
        NrrKrrr�responder_key_hashB
rMzOCSPResponse.responder_key_hash�x509.Name | Nonec


C
rI)z.
        The responder's Name or None
        NrrKrrr�responder_nameI
rMzOCSPResponse.responder_namer2c


C
rI)z4
        The time the response was produced
        NrrKrrr�produced_atP
rMzOCSPResponse.produced_atc


C
rI)zf
        The time the response was produced. Represented as a non-naive UTC
        datetime.
        NrrKrrr�produced_at_utcW
rMzOCSPResponse.produced_at_utcr(c


C
rIrerrKrrrrf_
rMzOCSPResponse.certificate_statusr4c


C
rIrgrrKrrrr5f
rMzOCSPResponse.revocation_timec


C
rIrhrrKrrrrin
rMz OCSPResponse.revocation_time_utcr7c


C
rIrjrrKrrrr6v
rMzOCSPResponse.revocation_reasonc


C
rIrkrrKrrrr1~
rMzOCSPResponse.this_updatec


C
rIrlrrKrrrrm�
rMzOCSPResponse.this_update_utcc


C
rIrnrrKrrrr3�
rMzOCSPResponse.next_updatec


C
rIrorrKrrrrp�
rMzOCSPResponse.next_update_utcc


C
rIrJrrKrrrrL�
rMzOCSPResponse.issuer_key_hashc


C
rIrNrrKrrrrO�
rMzOCSPResponse.issuer_name_hashr!c


C
rIrPrrKrrrrQ�
rMzOCSPResponse.hash_algorithmrRc


C
rIrSrrKrrrrT�
rMzOCSPResponse.serial_numberrYc


C
rI)zR
        The list of response extensions. Not single response extensions.
        NrrKrrrrZ�
rMzOCSPResponse.extensionsc


C
rI)zR
        The list of single response extensions. Not response extensions.
        NrrKrrr�single_extensions�
rMzOCSPResponse.single_extensionsrUrVc
C
rI)z0
        Serializes the response to DER
        NrrWrrrrX�
rMzOCSPResponse.public_bytesN)r"rv)r"r)r"ry)r"r{r[)r"r)r"r�)r"r�rtrqrrrsr\r]r_r^) r
rrr`rarbrwrxrzr|r}r~r�r�r�r�r�rfr5rir6r1rmr3rprLrOrQrTrZr�rXrrrrru

s�



















































ruc@
sFeZ
dZd
d
gfd#d
d�Zd$dd�Zd%dd�Zd&dd�Zd'd!d"�Zd
S)(�OCSPRequestBuilderN�request�Ftuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None�request_hash�5tuple[bytes, bytes, int, hashes.HashAlgorithm] | NonerZ�(list[x509.Extension[x509.ExtensionType]]r"r#cC
s|
|_||_
||_dS�
N)�_request�
_request_hash�_extensions)rEr�r�rZrrrrF�
s



zOCSPRequestBuilder.__init__r-r.r/r r!cC
sZ|jdu
s
|j
du
rtd
�
�
t|�

t|
tj�rt|tj�s"td�
�
t|
||f|j
|j	�S)N�.Only one certificate can be added to a requestr8)
r�r�r&r'r$rr9r:r�r�)rEr-r/r rrr�add_certificate�
s


�
�z"OCSPRequestBuilder.add_certificaterOrHrLrTrRcC
s�|jdu
s
|j
du
rtd
�
�
t|t�std�
�
t|�

t�d|
�
t�d|�
|j	t
|
�
ks5|j	t
|�
kr9td�
�
t|j|
|||f|j�S)Nr�z serial_number must be an integerrOrLz`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm)
r�r�r&r$rRr:r'r�_check_bytes�digest_size�lenr�r�)rErOrLrTr rrr�add_certificate_by_hash�
s&






�

�



�z*OCSPRequestBuilder.add_certificate_by_hash�extval�x509.ExtensionType�critical�boolcC
sJt|
t
j�s
td
�
�
t
�|
j||
�}t||j�
t|j	|j
g|j�
|�
�S�Nz"extension must be an ExtensionType)r$r�
ExtensionTyper:�	Extension�oidrr�r�r�r��rEr�r��	extensionrrr�
add_extensions


�z OCSPRequestBuilder.add_extensionrGc

C
s&|jdur|j
durtd
�
�
t�|�
S)Nz*You must add a certificate before building)r�r�r&r�create_ocsp_requestrKrrr�build!s


zOCSPRequestBuilder.build)r�r�r�r�rZr�r"r#)r-r.r/r.r r!r"r�)
rOrHrLrHrTrRr r!r"r�)r�r�r�r�r"r�)r"rG)r
rrrFr�r�r�r�rrrrr��
s
�



r�c@
s`eZ
dZd
d
d
gfd5d
d�Zd6dd�Zd7d d!�Zd8d#d$�Zd9d)d*�Zd:d/d0�Ze	d;d3d4��
Z
d
S)<�OCSPResponseBuilderN�response�_SingleResponse | None�responder_id�5tuple[x509.Certificate, OCSPResponderEncoding] | None�certs�list[x509.Certificate] | NonerZr�cC
s|
|_||_
||_||_dSr�)�	_response�
_responder_id�_certsr�)rEr�r�r�rZrrrrF)s



zOCSPResponseBuilder.__init__r-r.r/r r!r0r(r1r2r3r4r5r6r7r"c	
	C
s<|jdu
r	t
d
�
�
t|
|||||||�}	t|	|j|j|j�S)Nz#Only one response per OCSPResponse.)r�r&r,r�r�r�r�)
rEr-r/r r0r1r3r5r6�
singleresprrr�add_response6s$









�




�z OCSPResponseBuilder.add_responserUr�responder_certcC
sP|jdu
r	t
d
�
�
t|tj�std�
�
t|
t�std�
�
t|j||
f|j	|j
�S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding)r�r&r$rr9r:rr�r�r�r�)rErUr�rrrr�Us







�



�z OCSPResponseBuilder.responder_id�!typing.Iterable[x509.Certificate]cC
s\|jdu
r	t
d
�
�
t|
�
}
t|
�
dkrt
d�
�
tdd�|
D�
�
s$td�
�
t|j|j|
|j	�S)Nz!certificates may only be set oncer
zcerts must not be an empty listc
s
s�|]	}
t|
t
j�V
qdSr�)r$rr9)�.0�
xrrr�	<genexpr>ps�z3OCSPResponseBuilder.certificates.<locals>.<genexpr>z$certs must be a list of Certificates)
r�r&�listr��allr:r�r�r�r�)rEr�rrrr�hs











�z OCSPResponseBuilder.certificatesr�r�r�r�cC
sNt|
t
j�s
td
�
�
t
�|
j||
�}t||j�
t|j	|j
|jg|j�
|�
�Sr�)r$rr�r:r�r�rr�r�r�r�r�r�rrrr�ys





�z!OCSPResponseBuilder.add_extension�private_keyrr{rucC
s6|jdur	t
d
�
�
|jdurt
d�
�
t�tj||
|�S)Nz&You must add a response before signingz*You must add a responder_id before signing)r�r&r�r�create_ocsp_responserr)rEr�r rrr�sign�s






�zOCSPResponseBuilder.signrxrcC
s4t|
t
�s	td
�
�
|
t
jurtd�
�
t�|
ddd�S)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r$rr:rr&rr�)�clsrxrrr�build_unsuccessful�s


�

z&OCSPResponseBuilder.build_unsuccessful)r�r�r�r�r�r�rZr�)r-r.r/r.r r!r0r(r1r2r3r4r5r4r6r7r"r�)rUrr�r.r"r�)r�r�r"r�)r�r�r�r�r"r�)r�rr r{r"ru)rxrr"ru)r
rrrFr�r�r�r�r��classmethodr�rrrrr�(s

�





r�)r r!r"r#)(�
__future__rrar;�typing�cryptographyrr�"cryptography.hazmat.bindings._rustr�cryptography.hazmat.primitivesrr�/cryptography.hazmat.primitives.asymmetric.typesr�cryptography.x509.baser	r
r�Enumrr�SHA1�SHA224�SHA256�SHA384�SHA512r%r'r(r,�ABCMetarGrdru�registerr�r��load_der_ocsp_request�load_der_ocsp_responserrrr�<module>
s>









�
	F+]F

T}